Microsoft Releases RAMPART and Clarity: Open-Source Tools for Securing AI Agents in Development
- May 20
- 3 min read
Key Findings
Microsoft released two open-source tools, RAMPART and Clarity, designed to shift AI security testing from post-deployment to the development phase
RAMPART is a Pytest-native framework that continuously tests AI agents for vulnerabilities including cross-prompt injection attacks and data exfiltration throughout the development pipeline
Clarity functions as an AI-powered "thinking partner" that guides developers through design decisions and their security implications before code is written
The tools are built to make security incidents reproducible and mitigations verifiable, turning red teaming learnings into reusable engineering assets
Internal testing showed RAMPART can compress a week of manual vulnerability replication and patching work into hours
Background
Microsoft's AI red team, founded in 2019 and led by Ram Shankar Siva Kumar, has been developing security testing frameworks for AI systems. The new tools expand on PyRIT, an open automation framework Microsoft released over two years ago for black-box security testing of already-built systems. However, PyRIT was designed to scan completed systems for flaws, leaving a gap in the development phase where security decisions are made and most easily changed.
RAMPART: Continuous Security Testing Framework
RAMPART stands for Risk Assessment and Measurement Platform for Agentic Red Teaming. It integrates directly into the software development pipeline as a Pytest-native framework, meaning developers can write safety and security tests as part of their normal testing workflow. The tool requires only an adapter to connect an AI agent to the test suite.
RAMPART is specifically designed to catch cross-prompt injection attacks, where untrusted data reaches an AI system indirectly through documents, emails, tickets, or web pages that the agent processes. It tests for various harm categories including unintended behavioral regressions and data exfiltration. Unlike single-shot validation tools, RAMPART performs multiple rounds of testing to confirm that both exploits and fixes work as intended.
Clarity: Security-First Design Guidance
Clarity operates as a "structured sounding board" that engages developers before they write any code. It functions as an AI-thinking partner that asks critical questions about design decisions, pushing back on assumptions and exploring potential security implications. The tool can run as a desktop application, web interface, or be embedded directly into coding environments to provide real-time guidance.
Clarity helps teams categorize and track business objectives while highlighting downstream security consequences of their choices. It prompts developers to consider whether they should build something in the first place, not just how to build it securely. This is particularly important given the rise of AI-generated code and the decreasing costs of execution.
Shifting AI Security Left in Development
The core motivation behind both tools is addressing a fundamental problem: major security decisions are often made early in projects when the cost of changing course is minimal, yet security reviews typically happen after systems are built. By introducing structured security considerations and testable security requirements during development, Microsoft aims to prevent expensive rework later.
Siva Kumar emphasized that AI safety needs to become an engineering discipline integrated into developer workflows rather than remain philosophical debate. The tools bring security directly to where developers work, making it part of the standard development lifecycle rather than a separate compliance checkpoint.
Practical Applications Beyond Development
While designed for the development pipeline, RAMPART has demonstrated value in incident response and vulnerability remediation. Microsoft used the tool to investigate reported vulnerabilities in its own products, significantly accelerating the process of replicating bugs, identifying variants, patching, and re-testing to ensure exploits are no longer possible.
The company also emphasized that success depends on contributions from developers outside the Microsoft ecosystem. By open-sourcing these tools, Microsoft is attempting to establish foundational AI-centric security processes as industry standards rather than proprietary advantages.
Sources
https://thehackernews.com/2026/05/microsoft-open-sources-rampart-and.html
https://cyberscoop.com/microsoft-rampart-clarity-agentic-ai-security-red-teaming-tools/
https://x.com/Dinosn/status/2057154883271245864
https://x.com/TheHackersNews/status/2057146854736036291
https://www.facebook.com/thehackernews/posts/-microsoft-open-sourced-rampart-and-clarity-to-test-ai-agent-safety-earlier-in-d/1372992554865324
https://www.youtube.com/watch?v=o-AxGWAa06Y

Comments